Question about wallet backup and PIN security

The encryption for the wallet backup is AES-256, which is nice and strong. The entire wallet is encrypted (including the public keys, addresses, and transactions). The key derivation function used is rather weak, it's basically 3 MD5's. This means that the wallet backups aren't resistant to brute-forcing attacks (compared to say Bitcoin Core, Armory, or GreenAddress.it's PIN), so using good/long passwords is advised if you plan on storing them anywhere online. (Presumably the choice of KDF was to make it compatible with openssl's command-line tool for decryption).

The PIN encrypts the private keys (and the seed), but not the public keys/addresses. These encrypted keys are part of the wallet backup, so you need both the wallet backup password and the PIN to perform a restore and then spend any funds.

It should be noted that enabling the PIN option does not encrypt the initial on-device backups made shortly after install. This means that malicious apps which have root access can gain access to your private keys, even after you set a PIN. This is not a problem on an unrootable device, and at the moment it's not a problem on a rooted device as long as you don't give root(/SuperSU/SuperUser) access to any questionable apps, however malware will continue to become more sophisticated, so this may one day be a problem... (to be fair, a malicious app that acquires root access could find other ways to eventually access your private keys even if they were encrypted, so encrypting them may not help much anyways).

Edited to add: regarding that last paragraph, it is a problem if you lose your phone, and if it's rootable (as many Android phones are). A PIN would not protect your funds from a knowledgeable thief in this particular case, but hopefully nobody stores large quantity of bitcoin on their phone....

Topic: Question about wallet backup and PIN security (Read 1980 times)